The Verizon order, the NSA, and what call records might reveal about psychiatric patients

"Dissent," an anonymous-pseudonymous blogger who is a mental health care practitioner, has an interesting post about one tangential consequence of the announcement that Verizon and other communications providers have been ordered to turn over records to the NSA.  
I started thinking about what those records and metadata could reveal.  Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.

"Dissent" hopes someone will "come up with some point-and-click instructions for doctors and lawyers to use to protect our calls and e-mails better so that the identity of those calling or e-mailing us has better protection." Tor and burner phones for shrinks!

Read more: The Verizon order, the NSA, and what call records might reveal about psychiatric patients []


  1. That could actually prove to be interesting, because 50 USC § 1861 places (slightly, and equally unimpressive) different restrictions on who is authorized to access business records, section a(1), and “library circulation records, library patron lists, book sales records, book customer lists, firearms sales records, tax return records, educational records, or medical records containing information that would identify a person” section a(3).

    I’d be shocked if anybody actually had the slightest success with our ‘national-security’ fetishizing judiciary; but it’d be interesting to see the argument made that a psychiatrist’s phone records are very plausibly medical records, potentially personally identifying ones(unless you operate on the absurd fiction that the NSA has no access to phone books), and would thus be impermissible under the authorization of section a(1), and only authorized for those named in a(3)…

    (edit: of course, give Sorrel v. IMS Health Inc., anyone who thinks that they enjoy medical privacy is… optimistic.)

  2. Wow, sucks to have to have to get to this point, but perhaps “Dissent” should consider investing in the standard drug dealer’s tool, the anonymous “burner phone”?   Certainly a business write off if the purpose is to not create a tagged trail to his/her patients.

  3. I spent a weekend setting up a TOR proxy for me, but I came to  conclusion this is the wrong solution. We have to stand and fight. These programs must be stopped and shut down. If the current batch of politicians don’t have the courage to do it, we fire them and get more.

    TOR and burner phones won’t really shield you. Network analysis is a powerful tool and can likely figure out who you are without you actually giving anything away. To properly hide, you would need to never shop on line, never browse, never use a phone (any phone), etc. Not really possible.

    Don’t hide. Stand up. Be counted. Inundate your congress critters with very form of communication you can. Say it loud. If Edward Snowden is willing to destroy his life, the least we can do is honor that and make it count.

  4. Burner phones wouldn’t really help since they can DE anonymise  networks with just a few data points. As long as they knew probably as few as 2 patients of the doctor, by cross-referencing their calls they can figure out what the burner phone-number is.

  5. Waiting on legislative or legal remedies could take a long time, if they ever occur.  Email, messaging and calls need to be made more secure with end-to-end encryption, that is easily implemented in the background without anyone knowing what is going on (unless they want to know).  It has to be virtually invisible, ubiquitous, and painless, and targeted toward grandmas who use Facebook, Gmail, iMessages, and other platforms, not people who are tech savvy and know how to seek out alternatives.  

  6. I suspect that Big Pharma and corporate HR professionals are more likely to be interested in who has received psychiatric care than is the government. Who’s to say they wouldn’t contract the same private security corporations the NSA uses to find that stuff out about us?

    1. Previous electronic surveillance systems suffered from the corruption known as corporate espionage. What you describe is exactly what will happen. Then a whistle will be blown. Then it will turn out someone has a history of paranoid schizophrenia. Enhanced interrogation techniques will be applied. And no one will recognise we are right back where we started, conducting torture experiments on mental patients to see if we can erase their minds. Hello, Montreal! Goodbye, Bagdad!


      1. Ha, yes, forgot all about Echelon, so very long ago. My current personal worry is having been blacklisted for a pre-existing condition and an unfortunate YouTube video someone posted of me drunk after a punk rock show. You will note I’m not using a screen name, the cat’s already long out of the bag.

  7. I thought at first he was proposing that they could and should do something useful to help the patients.

  8. Since the patients need to get hold of the doctor then a ‘burner phone’ would not help.   That doctor has to be reachable at a given and fixed number.  Since he has to accept incoming calls I am not sure if there is any technical way to block his meta-data from going to the NSA (or the phone companies collecting the meta-data; although due to the possibility of being sued I don’t believe that the phone companies do anything with the data.)

  9. When people found out that Apple saved location information on their phones, they completely spazzed out.  Now that we find the NSA can tell who everybody in American called, and when… people think “oh that’s ok because terrorism is bad.”  Guess what everybody… we’re at war with Eurasia, or is it Eastasia…?  Either way, if we don’t consent to perpetual monitoring, the bad guys will get us.

  10. Because these systems rely on patterns of behavior to identify threats, changing from a landline to a burner phone would not hide you for long.  You would quickly reestablish an identical pattern of behavior and contacts with the new phone, and then would be identifiable.  Perhaps if you kept an arsenal of burner phones that you used randomly, you could throw them off for a while.  But if you kept the same physical routine, making calls from the same locations, they might still figure out it’s you by piecing together contacts and tower data.

    Plus, whatever technique you come up with and publicize in order to evade the system (prism-break, I’m looking at you), will just be the latest challenge for the NSA’s 70,000 engineers to overcome.

    As we all know, the only way to affect change in this country is through lobbyists.  Consider Monsanto’s success, for instance.  It’s time to massively fund the EFF and ACLU.  Like RIGHT NOW. 

  11. Consider this scenario: A government whistle blower (WB) needs to be silenced or discredited.  Reviewing phone records of the WB, one could determine a potential weakness.  For this article’s mental health professional to be linked to that WB, thus revealing the WB’s weakness, the govt. has a potential method for silencing or discrediting the WB.  Create a scenario to play on the WB’s weakness: think Gaslighting. Now consider Julian Assange’s rape charges, Bradley Manning’s “mental illness”.  A stroke of a pen, a carefully chosen turn of phrase, i.e.”word+Gate”.  This is just another weapon in the well established arsensal.

    1. Imagine the kind of analysis they’re doing on Snowden’s records, and the effect that will have on people in his life who have no involvement in these events.

  12. Here is my letter to my Representatives. Feel free to mine it for ideas for your own letters. All mistakes are mine. I am an idiot. You have been warned..

    The Honorable Orrin G. Hatch,
    The Honorable Mike Lee,
    Representative Rob Bishop,

    My name is Miles Johnson. I live in Hyde Park, Utah. I am happily married with 2 children and 3 grandchildren. I am employed by Utah State University. I have worked for USU for over 30 years. I am a computer and network security professional.

    I have learned that security is hard. There are lots of non-obvious trade-offs and secondary effects. On the face, it is simple enough: “Security is a meaningful reassurance that Your goals are being accomplished.” But, when you are dealing with lots of pressure, and constantly changing technology, it is easy to lose sight of your most important goals.

    My goals are straightforward. I want my children and grandchildren to have happy, productive lives. I want them to have the same liberty and justice that I have received. I want them to be able to think for themselves and chose for themselves. I want them to be secure in their persons, houses, papers and effects. The greatest protector of my goals is the US Constitution. I love and honor the Constitution.

    I believe that you love and honor it too. You have sworn an oath to support and defend the Constitution against all enemies, foreign and domestic. You have dedicated years of your life to public service.

    I call on you as my representative and protector to take action to protect our beloved Constitution. We have lost sight of our greatest goals. We are sacrificing our Constitutional liberties and freedoms in a futile quest to find perfect safety.

    Recently, the press has published secret FISC court orders authorizing widespread monitoring of the US population. One of these secret orders instructs:

    “IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of the Order, and continue production on an ongoing daily basis thereafter for the duration of the Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or “telephony metadata” created by Verizon for communications (I) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”

    These orders enable the wholesale monitoring of the people of the United States. I have heard arguments that this is not a violation of the Constitution. These arguments miss the point. This secret widespread monitoring does not SUPPORT the Constitution. You and I are monitored without any evidence of wrongdoing. The monitoring opposes the intent and spirit of the Bill of Rights.

    The wholesale secret monitoring of the people of the United States by it’s government must not continue. It threatens our freedom of speech; Our freedom to peaceably assemble; And our rights to be secure in our persons, houses, papers, and effects, against unreasonable searches and seizures.

    Please support the Constitution. Please stop the wholesale monitoring. It comes at the cost of our most precious Liberties. And, please have mercy on the patriotic people who publish these attacks on the Constitution. Don’t punish the messengers. The whistle-blowers are not the problem.

    1. You may be an idiot, but indeed you are no fool :-)

      While I would only up-vote this once, my vote being no more or less valuable than the next, I would do so with all my spiritual might.

      The people behind this know it’s weasel move that undermines the basic rights guaranteed by the United States Constitution, the document that makes being an American what its all about. No amount of clever lawyering over “metadata” changes that.

  13. I would think attorneys would be even more at-risk than psychiatrists. These days, a visit to the shrink can be dismissed as mild depression, and it won’t destroy anybody’s career. But a series of calls to a criminal defense attorney might just be newsworthy. However savvy they are in other areas, lawyers are often oblivious to their need for data security.

  14. Does that doctor bill to insurance companies? If so, isn’t the cat is already out of the bag with respect to patient privacy, either from an NSA or corporate state POV?

Comments are closed.